OSINT & Reconnaissance

Targeted open-source intelligence engagements that show you exactly what an attacker, an investigator, or a journalist could uncover about your people, your supply chain and your operations.

Book a scoping call See other services

Engagement types

  • Executive & VIP exposure assessments. What's publicly available about your leadership, board members or high-risk individuals, and what risk does that pose?
  • Supply chain & third-party risk. Map upstream and downstream relationships, and surface vulnerabilities in vendors that could become your problem.
  • Pre-engagement reconnaissance. The OSINT phase of a red team, M&A diligence, fraud investigation or insider threat enquiry.
  • Leaked data & credential exposure. Deep checks across breach corpuses, code repositories, paste sites and underground forums.
  • Threat actor profiling. Tracking, attributing and reporting on adversaries targeting your sector.

Why us

Our team has been doing offensive reconnaissance professionally for over a decade. We've built and contributed to widely-used OSINT tooling, written and taught the methodologies, and applied them at scale across both private and public sector engagements.

Each engagement is scoped to your specific question, executed methodically, and reported in a way that's actually useful: sources, evidence, and clear recommendations on what to remove, monitor or change.

Want to know what's out there?

Drop your email and we'll be in touch to scope an OSINT engagement.